Wednesday, 17 May 2017

BEYOND THE BREACH: why high profile data breaches are not the only concern for consumers in the digital economy

Organisations in countries all over the world were affected by a major cyberattack last Friday (12 May 2017) and over the weekend when the Wannacry virus struck. Amanda Long, Director General, Consumers International, talks about what the virus means for consumer organisations.

This was different from the high profile security breaches that we are familiar with, like Ashley Madison or Yahoo. In these cases, people’s personal data was targeted in the attack, which can result in serious consequences: credit card fraud, identify theft as well as distress at private information being made public.

The Wannacry attack was different because it didn’t directly target consumers’ personal data, instead it was able to shut down critical parts of companies or organisations’ IT systems and only open them up again once a ransom was paid. Yet the consequences could be just as serious. According to the BBC, an estimated 47 NHS trusts in England reported problems at hospitals and 13 NHS organisations in Scotland were affected as operations were cancelled, ambulances were diverted from A&E departments and people had problems obtaining medicine prescriptions.

Thankfully this time, the immediate consumer impacts in other countries appear less severe: train ticketing unavailable in parts of Germany or public services in some parts of China. However, our member in Oman reported areas of the internet were shut down as a precautionary measure. It's a stark reminder of the range of security-related risks that citizens and consumers face in an increasingly connected digital world. Although we may not always be aware of it, digital systems under pin the financial, health, transport and communications systems that millions of consumers rely on. And while nation states have long been building defence against such attacks on their national infrastructure, the Wannacry case shows how easily this could happen to any commercial service like payments services, ecommerce, or transport. Even those who are not connected to the internet can be affected when ATMs or transport is not available. The connected nature of the online world brings multiple benefits. But the same interconnections create a major challenge for anyone trying to keep people, countries and assets secure in the digital world. Preventing similar disruption requires everyone to play their part, consumers to practice good digital security, companies to keep products updated and secure, and organisations to treat cybersecurity as a strategic/board level priority. And as consumer organisations we have a role in understanding where new threats could come from and what impact they might have - and not only respond to harms after they happen. This requires an understanding of how the digital ecosystem works, and the way threats to consumer welfare change and evolve. Data breaches have got a lot of attention and a lot of consumer facing policy is in place. However, to be effective for consumers in the digital world we also need to know what’s around the corner.